Lucene search
+L

203 matches found

osv
osv
added 2022/08/10 8:15 p.m.1 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

5.4CVSS6AI score0.00495EPSS
Exploits1References1
attackerkb
attackerkb
added 2022/08/10 8:15 p.m.2 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

5.4CVSS6.4AI score0.00495EPSS
Exploits1References2
osv
osv
added 2022/07/02 8:15 p.m.0 views

DEBIAN-CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.2AI score0.00992EPSS
Exploits0References1
prion
prion
added 2022/07/02 8:15 p.m.21 views

Hardcoded credentials

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

4.3CVSS6.2AI score0.00992EPSS
Exploits0References6Affected Software2
attackerkb
attackerkb
added 2022/07/02 8:15 p.m.2 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS5.9AI score0.00992EPSS
Exploits0References9
osv
osv
added 2022/07/02 8:15 p.m.4 views

UBUNTU-CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.5AI score0.00992EPSS
Exploits0References3
debiancve
debiancve
added 2022/07/02 12:0 a.m.57 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.2AI score0.00992EPSS
Exploits0
cnnvd
cnnvd
added 2022/07/02 12:0 a.m.7 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.37.3, which stems from a...

6.1CVSS6.3AI score0.00992EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2022/07/02 12:0 a.m.9 views

PT-2022-22431 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.37.3 MediaWiki versions 1.38.x prior to 1.38.1 Description: An issue was discovered where the contributions-title, used on Special:Contributions, is used as a page title without escaping. This can cause problems ...

9.8CVSS5.9AI score0.22699EPSS
Exploits30References140
cvelist
cvelist
added 2022/07/02 12:0 a.m.30 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.6AI score0.00992EPSS
Exploits0References6
kitploit
kitploit
added 2022/06/19 12:30 p.m.35 views

Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients...

7.6AI score
Exploits0References3
osv
osv
added 2022/05/24 5:29 p.m.9 views

GHSA-RJ9P-8JXJ-2CH4 MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...

6.1CVSS6.4AI score0.01104EPSS
Exploits0References8
kitploit
kitploit
added 2022/02/25 8:30 p.m.26 views

openSquat - Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting

What is openSquat openSquat is an opensource Intelligence OSINT security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaigns Domain squatting Typo squatting Bitsquatting IDN homograph attacks Doppenganger domains Other brand/domain related scams ...

7.6AI score
Exploits0References3
akamaiblog
akamaiblog
added 2022/02/25 2:0 p.m.18 views

What’s New for Developers: February 2022

A lot has happened since we published our January recap blog. Akamai launched a new documentation site on readme.io, we started a new season of Terraform Tapas, and we saw many amazing contributions from our Developer Champions...

6.9AI score
Exploits0
msrc
msrc
added 2022/02/01 6:0 p.m.25 views

Expanding the Microsoft Researcher Recognition Program

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...

7AI score
Exploits0
msrc
msrc
added 2022/02/01 8:0 a.m.12 views

Expanding the Microsoft Researcher Recognition Program

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more...

1.2AI score
Exploits0
hackerone
hackerone
added 2022/01/08 6:53 p.m.32 views

Ruby on Rails: XSS vulnerabilities due to missing checks in tag helpers

XSS vulnerabilities were discovered in certain tag helpers in Rails, specifically in the FormTagHelper and TagHelper modules. These vulnerabilities allowed attackers to execute arbitrary JavaScript code by manipulating user-controlled input in tag attributes and tag names. The impact of these...

6.1CVSS6.9AI score0.01485EPSS
Exploits1
rapid7blog
rapid7blog
added 2021/12/02 3:5 p.m.16 views

Hacky Holidays From Rapid7! Announcing Our New Festive Blog Series

The holiday season often inspires reflection on the year coming to a close — but with the new year approaching, this season can also signal the opportunity for a fresh start. In that spirit, we're announcing a refreshed theme and approach to our annual holiday blog series: Hacky Holidays! While...

7.2AI score
Exploits0
gitee
gitee
added 2021/12/01 12:30 p.m.7 views

Exploit for Incorrect Default Permissions in Microsoft

Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...

8.8CVSS9.9AI score0.15257EPSS
Exploits4
hackerone
hackerone
added 2021/11/11 5:43 p.m.21 views

Adobe: Able to bypass the fix on DOM XSS at [www.adobe.com]

Thank you @saajanbhujel for your contributions and we look forward to collaborating with you again in the future!...

2.1AI score
Exploits0
Rows per page
Query Builder